wormhole/SECURITY.md

# Security

## Bug Bounty Program

We operate a **[bug bounty program](https://immunefi.com/bounty/wormhole/)** to financially incentivize independent researchers (with up to $10,000,000 USDC) to find and responsibly disclose security issues in Wormhole.

If you find a security issue in wormhole, we ask that you immediately **[report the bug](https://immunefi.com/bounty/wormhole/)** to our security team.

## 3rd Party Security Audits

We engage 3rd party firms to conduct independent security audits of Wormhole.  At any given time, we likely have multiple audit streams in progress.

As these 3rd party audits are completed and issues are sufficiently addressed, we make those audit reports public.

- **[January, 10, 2022 - Neodyme](https://storage.googleapis.com/wormhole-audits/2022-01-10_neodyme.pdf)**
    - **Scopes**: *Ethereum Contracts, Solana Contracts, Terra Contracts, Guardian, and Solitaire*
- **[July 1, 2022 - Kudelski](https://storage.googleapis.com/wormhole-audits/2022-07-01_kudelski.pdf)**
    - **Scopes**: *Ethereum Contracts, Solana Contracts, Terra Contracts, and Guardian*
Add SECURITY.md (#1157) * Add SECURITY.md * Update formatting * Remove extra word * Fix typos in SECURITY.md * More tweaks to SECURITY.md 2022-05-09 11:54:02 -07:00			`# Security`

			`## Bug Bounty Program`

			`We operate a [bug bounty program](https://immunefi.com/bounty/wormhole/) to financially incentivize independent researchers (with up to $10,000,000 USDC) to find and responsibly disclose security issues in Wormhole.`

			`If you find a security issue in wormhole, we ask that you immediately [report the bug](https://immunefi.com/bounty/wormhole/) to our security team.`

			`## 3rd Party Security Audits`

			`We engage 3rd party firms to conduct independent security audits of Wormhole. At any given time, we likely have multiple audit streams in progress.`

			`As these 3rd party audits are completed and issues are sufficiently addressed, we make those audit reports public.`

Correct date in SECURITY.md 2022-08-02 08:55:12 -07:00			`- [January, 10, 2022 - Neodyme](https://storage.googleapis.com/wormhole-audits/2022-01-10_neodyme.pdf)`
Add Kudelski Security Audit Report (#1336) * Add Kudelski Security Audit Report * Reorder audit scopes for consistency * Fix a typo in Neodyme audit bullet 2022-07-06 12:06:14 -07:00			`- Scopes: Ethereum Contracts, Solana Contracts, Terra Contracts, Guardian, and Solitaire`
			`- [July 1, 2022 - Kudelski](https://storage.googleapis.com/wormhole-audits/2022-07-01_kudelski.pdf)`
Correct date in SECURITY.md 2022-08-02 08:55:12 -07:00			`- Scopes: Ethereum Contracts, Solana Contracts, Terra Contracts, and Guardian`